Can IBM detect fraudulent hackers with its new cognitive tool?

IBM is looking into a technology that can help detect and identify a fraudulent access of personal data stolen from its legitimate owner. The cognitive fraud detection system is especially useful to website developers and cloud providers that maintain logins and network access on a daily basis.

IBM has obtained a patent for the technology that works to create a profile of a specific user or account holder based on that user’s behavior on a website, how he navigates the mouse, some keyboard strokes, timing and how long he hovers the mouse pointer over the screen or the length of idle time in the case of touchscreen-enabled devices.

The idea behind the new IBM technology is the unique way with which every person interacts with a browser. And that is even the least noticeable part of our activity online, something that can be perceived at the most subconscious degree.

The duration of time during which we take before clicking on a link, navigate through pages and hit the keyboard varies from user to user. Raw data about this user behavior is collected by the IBM technology and analyzed to develop user profiles which can then be used to detect fraudsters who might attempt to manipulate stolen credentials.

During an initial testing, IBM was able to detect fraudulent access from 20 people who took part in the study. That represents 100 percent of the test participants for which IBM applied a prototype system of the cognitive technology.

However, 20 is such a small number and achieving complete fraud detection for that population is not as difficult as identifying fraudsters from millions of logins that blip the radar daily on real-world scenarios.

The analytical software works by matching an activity to the profile built for a legit account holder that is archived on the web server. Upon comparison when it is to be found that a current user accessing an account has activities that falls well below the pre-set threshold of the original user, the red flag is to be raised in the form of a security question that requires a highly personal answer.

The tool is especially helpful to such industries a banking, eCommerce and finance. Banking sites in particular have long held the practice of requiring a genuine account holder to access its portal for financial transactions. IBM’s cognitive system could be used to ensure 100 percent identity.

The same thing is true for eCommerce websites that store sensitive data such as credit card number, email address and bank account information.